This chapter covers wireless securitywhat it is, how it works, how it
is configured, what threatens it, and what policies can be designed to secure
it. Wireless networking has limitations, involves some risks, and requires
defense techniques, as you learn in this chapter. All network architectures,
including the wireless networking sector of an organization's network,
should be based on sound security policies. These policies are designed to
address all the weaknesses and threats that can occur in today's large,
wireless TCP/IP-based networks.

There is no doubt that mobile computing is booming. Users want to keep their
mobile devices connected to the network at all times so that productivity is no
longer limited to areas where a physical network connection is located. Users
can now move from place to place, computing when and where they want. This
section should help you understand the basics of wireless local-area networks
(WLANs). WLANs are defined by the Institute of Electrical and
Electronics Engineers (IEEE) organization with the 802.11 standard for wireless
Ethernet. Standard WLANs that are based on the 802.11 IEEE standards provide
mobility to corporate network users while maintaining access to network
resources at all times and locations within the building or campus.

NOTE

The IEEE has established the IEEE 802.11 standard, which is the predominant
standard for WLANs. IEEE standards can be downloaded at the following location:
http://standards.ieee.org/.

Laptops connected to the wireless network are becoming the primary computing
devices in the workplace, providing users with the advantage of much greater
flexibility in meetings, conferences, and during business travel. Companies and
organizations offering this type of network connectivity in venues previously
unavailable will indisputably generate a higher productivity per employee
because critical business information is available at any time and place during
the business day. Furthermore, this technology is a solution for areas that are
difficult to wire, such as older buildings with complex infrastructures and
obstacles. In the United States, there are many homes and buildings on the
National Historic Register (mostly older structures, some developed by famous
modern architects). It is illegal to modify these buildings, which often
includes running cables in walls. To comply with legal restrictions, networking
these buildings can involve taping wires to the baseboards. Wireless networking
is a happy solution for those who work and live in such buildings.

Different WLAN Configurations

As you will see in the case study at the end of the chapter, wireless network
connectivity is not limited to corporate enterprise buildings. WLANs also offer
connectivity outside the traditional office environment. Numerous wireless
Internet service providers are appearing in airports (hotspots), trains, hotels,
and conference and convention centers.

As with most technologies, the early wireless networks were nonstandard, and
only vendor-proprietary technologies existed. This caused interoperability
issues between the different standards of WLAN technologies with vendor-specific
implementations. Standards-based WLAN technologies were developed because of the
interoperability issues. Today, several standards exist for WLAN applications:
802.11, HiperLAN, HomeRF Shared Wireless Access Protocol, and Bluetooth. This
chapter focuses on the 802.11 implementations, which are the most widely
used.

For an end user, WLANs can be categorized as follows:

Peer-to-peer

LAN

Hotspots

For a network administrator, WLANs can be categorized as follows:

Point-to-point bridge

Point-to-multipoint bridge

Ethernet to wireless bridge

One of the earliest setups for WLANs was in peer-to-peer WLAN configurations.
Wireless clients equipped with wireless network interface cards (NICs)
communicate with each other without the use of an independent network device
called an access point. These wireless NICs exist in different types: card bus,
Personal Computer Memory Card International Association (PCMCIA), and Peripheral
Component Interconnect (PCI). Peer-to-peer LANs have limitations such as limited
coverage area and lack of access to wired resources.

NOTE

Among the first wireless devices were laptops with built-in infrared
ports. Many peer-to-peer transfers were accomplished successfully over these
ports to replace null modem cable transfers. Now Ethernet crossover cables
accomplish this purpose.

The peer-to-peer WLAN is often referred to as the independent basic service
set (IBSS), as discussed later in the chapter.

A multiple-segment WLAN extends the coverage of a peer-to-peer WLAN through
the use of overlapping zones or areas. The coverage area of a zone is determined
by the characteristics of the access point (a wireless bridge) that coordinates
the wireless clients' use of wired resources.

Typical examples of these zones are hotspots in airports, coffee shops, and
hotels. Your hotel provides access in the room, in the restaurant, in the lobby,
and in the conference rooms. You are able to roam about without losing the
connection. Figure 14-2 shows the setup of a wireless hotspot.

The hotspot WLAN is often referred to as the infrastructure basic service
set.
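
A monitoring station can tell the two configurations above apart from beacons alone: each 802.11 beacon carries a Capability Information field in which an access point sets the ESS bit and a peer-to-peer station sets the IBSS bit. The following is an added example, not part of the original chapter; the function names are hypothetical and the sample frames, SSIDs, and addresses are constructed.

```python
import struct

# Capability Information bits carried in 802.11 beacon frames.
CAP_ESS = 0x0001   # set by an access point (infrastructure BSS)
CAP_IBSS = 0x0002  # set by a station in a peer-to-peer IBSS
MGMT_HEADER_LEN = 24   # frame control, duration, 3 addresses, sequence control
FIXED_PARAMS_LEN = 12  # timestamp (8), beacon interval (2), capability (2)

def classify_beacon(frame: bytes) -> dict:
    """Classify a raw beacon (no radiotap header, no FCS) by BSS type."""
    if len(frame) < MGMT_HEADER_LEN + FIXED_PARAMS_LEN:
        raise ValueError("frame too short for a beacon")
    if (frame[0] >> 2) & 0x3 != 0 or (frame[0] >> 4) & 0xF != 8:
        raise ValueError("not a beacon frame")
    bssid = frame[16:22].hex(":")  # address 3 holds the BSSID
    (capability,) = struct.unpack_from("<H", frame, MGMT_HEADER_LEN + 10)
    ess, ibss = bool(capability & CAP_ESS), bool(capability & CAP_IBSS)
    if ess and not ibss:
        bss_type = "infrastructure"
    elif ibss and not ess:
        bss_type = "ibss"
    else:
        bss_type = "other"  # both or neither bit set
    ssid, pos = None, MGMT_HEADER_LEN + FIXED_PARAMS_LEN
    while pos + 2 <= len(frame):  # walk the tagged elements: id, length, body
        elem_id, elem_len = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + elem_len]
        if len(body) < elem_len:
            break  # truncated element: stop rather than trust the length
        if elem_id == 0:  # element 0 is the SSID
            ssid = body.decode("utf-8", errors="replace")
            break
        pos += 2 + elem_len
    return {"bssid": bssid, "ssid": ssid, "type": bss_type}

def sample_beacon(bssid: bytes, ssid: bytes, capability: int) -> bytes:
    """Build a minimal constructed beacon for the demonstration below."""
    header = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = bytes(8) + struct.pack("<HH", 100, capability)
    return header + fixed + bytes([0, len(ssid)]) + ssid

# Constructed sample frames (locally administered addresses, made-up SSIDs).
AP_BEACON = sample_beacon(bytes.fromhex("02aabbccdd01"), b"corp-wlan", 0x0411)
ADHOC_BEACON = sample_beacon(bytes.fromhex("02aabbccdd02"), b"laptop-share", 0x0002)

if __name__ == "__main__":
    for frame in (AP_BEACON, ADHOC_BEACON):
        print(classify_beacon(frame))
```
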

NOTE

An extension of these hotspots is found in community networks. These types of
networks extend Internet access with free access. The purchase, installation,
and maintenance are taken care of by the community. Community networks can
extend to include schools, neighborhoods, and small businesses. It has been
noted recently that community networks are not limited to certain areas;
instead, wireless community networks are popping up worldwide.

A full database of worldwide deployments of wireless community networks can
be found at
http://www.nodedb.com.

Imagine that Company XYZ acquires Company ABC, which is located in the same
business park. The network administrators have the responsibility to establish
connectivity between the two companies and integrate Company ABC's
infrastructure into Company XYZ's infrastructure. Building-to-building
wireless networks might be an option to address the connectivity requirement
between LANs (buildings) in a campus-area network.

There are two different types of building-to-building wireless networks:

Point-to-point

Point-to-multipoint

Point-to-point wireless links between buildings can be either radio- or
laser-based point-to-point links. Figure 14-3 illustrates the point-to-point
wireless setup between two buildings.

Antennas are used to focus the signal power in a narrow beam to maximize the
transmission distance. Point-to-point wireless setups can also use laser light
as a carrier for data transmission.

Company buildings spread across a campus or business park can also be
connected using radio-based point-to-multipoint bridged networks by means of
antennas. These antennas use wide beam width to connect multiple buildings.

Cisco provides a family of WLAN products that delivers the same level of
security, scalability, and manageability for WLANs that customers have come to
expect in their wired LAN. The Cisco Aironet Series offers a complete line of
in-building and building-to-building WLAN solutions. The line includes access
points, WLAN client adapters, bridges, antennas, and accessories. More
information on the Cisco wireless product line can be found at
http://www.cisco.com/en/US/products/hw/wireless/index.html.

NOTE

More recently, Cisco acquired a company called Linksys, Inc. Linksys, Inc. is
a division of Cisco Systems, Inc. and is the leading global manufacturer of
broadband, wireless, and networking hardware for home and small office/home
office (SOHO) environments. The products are sold under the Linksys brand
through its existing retail, distributor, and e-commerce channels.